| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Apr 2014 17:15:44 -0400 From: Vivek Goyal <vgoyal@...hat.com> To: linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, netdev@...r.kernel.org, davem@...emloft.net Cc: tj@...nel.org, ssorce@...hat.com, lpoetter@...hat.com, kay@...hat.com, luto@...capital.net, dwalsh@...hat.com, Vivek Goyal <vgoyal@...hat.com> Subject: [PATCH 0/2] net: Implement SO_PEERCGROUP and SO_PASSCGROUP socket options Hi, This is another version of patchset to add support passing cgroup information of client over unix socket API. This patchset adds a new socket option SO_PEERCGROUP to receive cgroup information of client which opened the connection. This only works with unix stream sockets. It also adds another option SO_PASSCGROUP which allows server to receive the cgroup information of the message sender. This option enables receiving a new type of control message SCM_CGROUP which contains cgroup information. This option works both with unix stream as well as datagram sockets. User space applications want to know the cgroup of the client and they seem to have different use cases of how to make use of cgroup information. One such use case is that systemd logs cgroup information of client in journal. Currently, one uses SO_PEERCRED or SO_PASSCRED option and gets the pid of client and looks up cgroup from /proc/pid/cgroup. But this has two problems. - Looking up /proc/pid/cgroup is racy. It is possible that by the time we looked it up, client exited and pid got reused and we are looking at cgroup information of an entirely different process. - Even if pid did not get reused, there might not be /proc/pid/cgroup file if client exited. So server got a message but now there is no way to find cgroup of client how had sent the message. Passing cgroup information using SO_PEERCROUP and SO_PASSCGROUP options should solve above two problems/races. Your feedback is welcome. Thanks Vivek Vivek Goyal (2): net: Implement SO_PEERCGROUP net: Implement SO_PASSCGROUP to enable passing cgroup path arch/alpha/include/uapi/asm/socket.h | 2 + arch/avr32/include/uapi/asm/socket.h | 2 + arch/cris/include/uapi/asm/socket.h | 3 + arch/frv/include/uapi/asm/socket.h | 2 + arch/ia64/include/uapi/asm/socket.h | 3 + arch/m32r/include/uapi/asm/socket.h | 2 + arch/mips/include/uapi/asm/socket.h | 2 + arch/mn10300/include/uapi/asm/socket.h | 2 + arch/parisc/include/uapi/asm/socket.h | 2 + arch/powerpc/include/uapi/asm/socket.h | 2 + arch/s390/include/uapi/asm/socket.h | 2 + arch/sparc/include/uapi/asm/socket.h | 3 + arch/xtensa/include/uapi/asm/socket.h | 2 + include/linux/net.h | 1 + include/linux/socket.h | 1 + include/net/af_unix.h | 1 + include/net/scm.h | 26 ++++- include/net/sock.h | 2 + include/uapi/asm-generic/socket.h | 3 + net/core/sock.c | 26 +++++ net/unix/af_unix.c | 188 ++++++++++++++++++++++++++++++++- 21 files changed, 271 insertions(+), 6 deletions(-) -- 1.9.0 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists